IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This commit fixes problem when host key is already added in SSH
`known_hosts` file but SSH fails to validate this host key.
NOTE:
This problem manifests only when simulating 'accept-new' feature of the
newer SSH (>v7.6) via 'Match' with 'ssh-keygen -F'.
The cause of this problem is the fact that hostname is stored always
in lowercase even if the hostname had an upcase character.
It means that the record in `known_hosts` file for hostname `ABC`
becomes something like 'abc,10.0.0.10' - which in turn is hashed...
Therefore SSH with `HashKnownHosts=yes` is comparing wrong hashes:
hash('ABC,10.0.0.10') vs hash('abc,10.0.0.10')
Most likely a bug or an oversight in SSH.
With this option disabled (`HashKnownHosts=no`) both upcased `ABC`
and lowercased `abc` work.
Example with *ENABLED* `HashKnownHosts=yes`:
[oneadmin@ABC ~] hostname
ABC
[oneadmin@ABC ~] rm -f ~/.ssh/known_hosts
[oneadmin@ABC ~] ssh-keyscan -H $(hostname) >> ~/.ssh/known_hosts
[oneadmin@ABC ~]$ ssh ABC # this fails
No ECDSA host key is known for abc and you have requested strict
checking.
Host key verification failed.
[oneadmin@ABC ~]$ ssh abc # this works
Warning: Permanently added 'abc,10.10.0.41' (ECDSA) to the list
of known hosts.
Last login: Mon Jun 15 04:32:38 2020 from ::1
[oneadmin@ABC ~]$ # success with lowercase hostname
Signed-off-by: Petr Ospalý <pospaly@opennebula.io>
* F #1473: Update SSH config and sockets
- install files via install.sh script
- replace crontab with systemd timer
- update opennebula.service dependency
- move ssh master sockets from ~oneadmin to /run/one/ssh-socks
- modify ssh wrapper to not use external programs but only bash builtins
- update ssh configs
Signed-off-by: Petr Ospalý <pospaly@opennebula.io>
* F #1473: Update SSH config and sockets
* F #1473: Update SSH config and sockets
* F #1473: Update SSH wrapper
- rename SSH_USE_MASTER_SOCK to SSH_OPT_CONTROL_MASTER
- change the logic of this directive to be a value of the SSH
'ControlMaster' option (default is 'auto')
- delete the SSH_USE_MASTER_SOCK from opennebula.service (not needed
anymore)
Signed-off-by: Petr Ospalý <pospaly@opennebula.io>
Co-authored-by: Vlastimil Holer <vholer@opennebula.io>
- add ssh wrapper which is used only on the fronted
- disable SSH master socket on the nodes
- add new PATH and SSH_USE_MASTER_SOCK into opennebula.service
Signed-off-by: Petr Ospalý <pospaly@opennebula.io>
